Sunday, May 20, 2012

Ophcrack is an open source and free program that bypass Windows passwords by using LM hashes through rainbow tables. The Ophcrack Windows password reset is by far the fastest freeWindows 7 password hacker tool available.

The program includes the ability to import the hashes from a variety of formats, including dumping directly from the SAM files of Windows. On most computers, ophcrack can crack most passwords within a few minutes.Rainbow tables for LM hashes of alphanumeric passwords are provided for free by the developers. By default, ophcrack is bundled with tables that allows it to crack passwords no longer than 14 characters using only alphanumeric characters. Available for free download are two Windows XP tables, one small and one fast, and one Windows Vista table.

Objectif Sécurité has even larger tables for purchase, intended for professional use. Larger rainbow tables contain LM hashes of passwords with all printable characters, including symbols and spaces, and are available for purchase. Ophcrack is also available as Live CD distributions which automate the retrieval, decryption, and cracking of passwords from a Windows system. One Live CD distribution is available for Windows XP and lower, as well as another for Windows Vista and Windows 7. The Live CD distributions of ophcrack are built with SliTaz GNU/Linux.Starting with version 2.3, Ophcrack also cracks NTLM hashes. This is necessary if the generation of the LM hash is disabled (this is default for Windows Vista), or if the password is longer than 14 characters (in which case the LM hash is not stored).

Sunday, May 13, 2012

The South Korean government has reported that electronic jamming signals from North Korea were affecting communications and GPS signals for passenger aircraft. So far, there has not been a serious threat to safety because the pilots were able to use supplemental navigation devices.

But how does a group disrupt signals from GPS or other communication systems in the first place?

The simplest way to is to drown them out in a barrage of other signals, said Adrian Graham, a consultant in electronic warfare and the author of a textbook on the subject. That means sending out a radio signal over a wide range of frequencies similar to the ones that GPS uses. Because GPS signals are not that strong, barrage jamming is rather like blasting music in a room and drowning out conversation. Another method is to drown out the satellite signal by beaming a narrowband signal directly to the GPS receiver, if its location is known.

"Even a very low-power jammer is very effective," Graham told Discovery News .

But to really hack GPS and create a safety hazard requires that one spoofs or falsifies the data the receiver gets. To do this one might duplicate a GPS signal and play it back to a passing aircraft with a slight variation to the time signal. Since a signal broadcast from the ground would be stronger than the ones coming from orbiting satellites, the plane's GPS receiver would lock on to the fake one. The pilot wouldn't know what was happening — his GPS unit would give him a position that looked perfectly legitimate, but would gradually lead him away from his destination.

"If this brings a victim aircraft into hostile territory, it can in the worst case be shot down, with the culprit country being able to say that the aircraft strayed into restricted airspace," Graham said.

GPS isn't the only kind of communication signal that can be messed with. The U.S. military has several aircraft that are designed specifically to disrupt enemy communications. The EA-18G Growler, for instance, has been in service for the last three years and is capable of jamming enemy radar and communications, as well as destroying the installations.

Jamming communications and radar has a long history, going back at least to World War II. Some early versions of stealth technology involved aircraft generating a signal at the same frequency as the radar. More sophisticated versions of the technique were used during the Vietnam War.

Variations in that method are used today, said Stan VanDerWerf, president of Advanced Capitol, a consulting firm, and a former chief of electronic warfare and avionics at the Warner Robins Air Logistics Center at Robins Air Force Base. "Enemy radar is looking for ours," he said. "But we have a jammer, which receives energy from the radar, emulates the signal and sends it back out."

It won't make the target plane invisible, but it will make the radar operator's screen show misleading information that’s harder to decipher. A similar technique is used to fool radar-guided missiles into under- or over-estimating the speeds of their targets.

With digital communications, the problem of interference has become more complicated. Digital signals generally operate at lower power than their old-line analog cousins, so they are more vulnerable in some respects.

"Smart jamming" is a method that attacks specific digital networks, such as those for mobile phones, while leaving others intact. It involves attacking the network, as opposed to the signal. A hacker calls the local cell tower's base station, which is responsible for routing the calls through the network, and tells it to ignore everyone. The computer isn't smart enough to recognize the hack, and stops listening to the cell phone signals coming in. As a result, the calls don't go through.

Another method is to generate a signal that sounds to the phone just like a cell phone tower. Since the phone automatically locks onto the strongest signal around, it will go to the fake cell tower. The fake cell phone tower receives the signal and responds with a message that says, essentially, "Sure I will route your call," but then it does nothing.

In France, prisons use it to stop inmates from using cell phones. In the United States, jamming mobile phone communications is illegal, and the Federal Communications Commission in October said it was targeting retailers that say they sell devices designed to block mobile phones. But there is an ongoing debate about whether such technology should be available for correctional facilities. South Carolina petitioned the FCC to be allowed to do it, and selective call-blocking technology is used in some Mississippi prisons.

"Anything in the electromagnetic spectrum, these principles can be applied," VanDerWerf said.

The real problem for aircraft, especially civilian ones, is that jamming isn't visible. Many modern airplanes also use electronic compasses that are fed information form the GPS receivers. "You probably don't know you are being jammed — there will likely be no indication," Graham said. "If it is cloudy or night you will have no external reference."